Beyond Internet security to risk management

April 05, 2007

SCADA Has Holes!

In addition to foreign manufacturers, very long (decade or more)
upgrade times, deployments in odd locations that pretty much require
network access by non-net-savvy technicians, etc., SCADA also
has another bug:

Neutralbit identified the vulnerability in NETxAutomation NETxEIB OPC
(OLE for Process Control) Server. OPC is a Microsoft Windows standard for
easily writing GUI applications for SCADA. It's used for interconnecting
process control applications running on Microsoft platforms. OPC servers
are often used in control systems to consolidate field and network
device information.

Neutralbit reports that the flaw is caused by improper validation of
server handles, which could be exploited by an attacker with physical or
remote access to the OPC interface to crash an affected application or
potentially compromise a vulnerable server. Neutralbit has also recently
published five vulnerabilities having to do with OPC.

Neutralbit also claims this is the first remotely accessible SCADA
vulnerability, which the smallest amount of googling shows is not true
(I leave that as an exercise for the reader).
However, they probably have found a real vulnerability.
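
An added example, not code from this post, Neutralbit, or NETxAutomation: the report says only that server handles were improperly validated, so this assumes a server that gives clients integer handles into a server-side table, and shows the checks such a handle needs before the server uses it. All names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>

/* All names are hypothetical; nothing here is taken from an OPC product. */
#define MAX_ITEMS 64
typedef uint32_t srv_handle_t;      /* opaque value handed to the client */
struct item { uint16_t generation; int in_use; int value; };
static struct item table[MAX_ITEMS];

/* Handle = generation (high 16 bits) | slot + 1 (low 16 bits); 0 is never valid. */
srv_handle_t item_add(int value) {
    for (size_t i = 0; i < MAX_ITEMS; i++) {
        if (!table[i].in_use) {
            table[i].in_use = 1; table[i].value = value;
            return ((srv_handle_t)table[i].generation << 16) | (srv_handle_t)(i + 1);
        }
    }
    return 0;                       /* table full */
}

/* Validate a client-supplied handle before touching any server state. */
static struct item *item_lookup(srv_handle_t h) {
    uint32_t idx = h & 0xFFFFu;
    if (idx == 0 || idx > MAX_ITEMS) return NULL;             /* out of range */
    struct item *it = &table[idx - 1];
    if (!it->in_use) return NULL;                             /* never issued, or released */
    if (it->generation != (uint16_t)(h >> 16)) return NULL;   /* stale: slot was reused */
    return it;
}

int item_read(srv_handle_t h, int *out) {
    struct item *it = item_lookup(h);
    if (!it) return -1;             /* reject the request instead of crashing */
    *out = it->value;
    return 0;
}

int item_remove(srv_handle_t h) {
    struct item *it = item_lookup(h);
    if (!it) return -1;
    it->in_use = 0;
    it->generation++;               /* invalidates every copy of the old handle */
    return 0;
}

int main(void) {
    int v = 0;
    srv_handle_t h = item_add(42);  /* constructed sample value */
    return (item_read(h, &v) == 0 && item_read(0xDEADBEEFu, &v) == -1) ? 0 : 1;
}
```
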

A bad situation has been made worse by adding Windows.
And more holes resulted.
Surprise!

The best defense we have for SCADA is the same
balkanized byzantine deployments that make fixing these SCADA security
problems so difficult in the first place.

Of course, if the U.S. were serious about this sort of thing,
the U.S. government could probably fund new and better SCADA
software and deployments for about what it spends in one week
in Iraq, and for probably less than it wastes in airport security
theater.

Until then, or until the first really big SCADA exploit,
SCADA will be vulnerable.
